On 08 Jan 2017 08:31, Meng Xu <xumengpa...@gmail.com> wrote:
[cc. Dario and George]

On Fri, Jan 6, 2017 at 1:34 PM, wy11 <w...@rice.edu> wrote:
> Dear Xen developers,

Hi,

>
> Recently I read a paper about possible theft of service attacks in Xen
> hypervisor.
>
> https://arxiv.org/pdf/1103.0759.pdf

I quickly read it. It is interesting to see that EC2 suffers from such an issue.
According to 4.1, it seems to me that this is more like a scheduler
"bug" in budget accounting logic.

It's from March 2011. I was pretty new to Xen at the time, I'm sure George 
knows better.

IIRC, it's a known attack vector and it's been fixed. I can look at the
paper and dig in the code and find proper references during this coming
week, when back from time-off, but you probably can verify it yourself, if you
look carefully.

When the attack VCPU wakes up, the scheduler should start counting
all time consumed from now on for the attack VM, instead of the victim
VM. When the attack VCPU sleeps, the scheduler should account the
budget consumed for the attack VM.

In the event-driven RTDS scheduler, this issue should not happen. The
scheduler did account the budget for the correct VMs, IIRC.
Is there any experiment showing that RTDS scheduler suffers this issue?

I'm sure this is not an issue for either RTDS or Credit2. But it's most
likely not an issue any longer either for Credit.

Regards, Dario

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
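
The accounting rule described in the thread (start charging a VCPU when it wakes, stop when it sleeps), as an added example that is not part of the original mails and is not Xen code. It audits a constructed context-switch trace by comparing that event-driven charge against a tick-sampled charge; the sampled model, the trace and all function names are assumptions made for illustration.

```c
#include <stdio.h>

/* Context-switch record: at t_us, `vcpu` starts running on the pCPU. */
struct sw { long t_us; int vcpu; };

/* Event-driven accounting: each interval between two switches is charged to
 * the vCPU that ran during it, so wake-up starts the meter and sleep stops it. */
long exact_us(const struct sw *tr, int n, long end_us, int vcpu)
{
    long sum = 0;
    for (int i = 0; i < n; i++) {
        long stop = (i + 1 < n) ? tr[i + 1].t_us : end_us;
        if (tr[i].vcpu == vcpu)
            sum += stop - tr[i].t_us;
    }
    return sum;
}

/* Sampled accounting (assumed model, for comparison only): at every tick the
 * whole tick is charged to whichever vCPU is on the pCPU at that instant. */
long sampled_us(const struct sw *tr, int n, long end_us, long tick_us, int vcpu)
{
    long sum = 0;
    int i = 0;
    for (long t = tick_us; t <= end_us; t += tick_us) {
        while (i + 1 < n && tr[i + 1].t_us <= t)
            i++;                        /* last switch at or before the tick */
        if (tr[i].vcpu == vcpu)
            sum += tick_us;
    }
    return sum;
}

/* Audit: time a vCPU ran without being charged (negative = over-charged). */
long uncharged_us(const struct sw *tr, int n, long end_us, long tick_us, int vcpu)
{
    return exact_us(tr, n, end_us, vcpu) - sampled_us(tr, n, end_us, tick_us, vcpu);
}

/* Constructed trace: 30 ms on one pCPU, 10 ms tick, two vCPUs. */
static const struct sw TRACE[] = {
    {0, 0}, {1000, 1}, {9000, 0}, {11000, 1}, {19000, 0}, {21000, 1}, {29000, 0},
};
enum { TRACE_LEN = sizeof TRACE / sizeof TRACE[0], END_US = 30000, TICK_US = 10000 };

int main(void)
{
    for (int v = 0; v < 2; v++)
        printf("vcpu%d exact=%ldus sampled=%ldus uncharged=%ldus\n", v,
               exact_us(TRACE, TRACE_LEN, END_US, v),
               sampled_us(TRACE, TRACE_LEN, END_US, TICK_US, v),
               uncharged_us(TRACE, TRACE_LEN, END_US, TICK_US, v));
    return 0;
}
```

A non-zero `uncharged_us` for any vCPU means the accounting path has charged run time to the wrong VM; with event-driven accounting the difference is zero by construction.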
